This post is a writeup of CVE-2023-32364, a macOS application sandbox escape bug I found. It was supposed to be unveiled in my upcoming talk:
"Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6,
but I needed to cut some bugs out. This is one of them.
macOS Sandboxing …